PATENT 



Attorney Docket No(s). 270/074; 

OI7010852002 



AMENDMENTS TO THE CLAIMS 

Please amend claims 1, 22, and 43, and insert new claims 52-57, as follows. A complete 
listing of the claims is provided below. 

1. (Currently Amended) A method for managing user schemas in a distributed computing 
system, the method comprising: 

creating a first global user identification for a first user; 
creating a second global user identification for a second user; 

creating a local user schema at a network node, the local user schema accessible by the 
first and the second users; 

mapping the first global user identification to the local user schema; 

mapping the second global user identification to the local user schema, wherein the steps 
of mapping are performed without using a user name; 

when the first user logs into the network node, assigning the local user schema to the first 
user with a first user role; 

when the second user logs into the network node, assigning the local user schema to the 
second user with a second user role; and 

wherein the first user and the second user have different privileges on the network node, a 
scope of the privilege for the first user is based at least partially on the first user role, and a scope 
of the privilege for the second user is based at least partially on the second user role. 

2. (Original) The method of claim 1 in which the first and second global user identifications 
are stored in a directory. 

3. (Original) The method of claim 2 in which the directory comprises a LDAP directory. 

4. (Original) The method of claim 1 in which the network node is a database server. 

5. (Original) The method of claim 1 in which a data object maps the first global user 
identification to the local user schema. 

6. (Original) The method of claim 5 in which the data object specifically maps only the first 
global user identification to the local user schema. 

7. (Original) The method of claim 6 in which the data object maps based upon the full 
distinguished name for the first user. 

8. (Original) The method of claim 5 in which the data object potentially maps multiple users 
to the local user schema. 

9. (Original) The method of claim 8 in which the data object maps based upon a partial 
identification of the users. 

10. (Original) The method of claim 5 in which the data object maps based upon a specific 
computer node. 

11. (Original) The method of claim 10 in which the data object resides in a directory beneath 
an associated server object. 

12. (Original) The method of claim 5 in which the data object maps based upon a domain. 

13. (Original) The method of claim 12 in which the data object resides beneath a domain 
object. 

14. (Original) The method of claim 1 in which the first user role and the second user role are 
different. 

15. (Original) The method of claim 1 in which privileges associated with the local schema 
are assigned to the first and second users. 



PA/52185478.1 




16. (Original) The method of claim 1 in which an entry-level mapping object maps a specific 
user and in which a subtree-level mapping object potentially maps multiple users based upon a 
partial match of user identifications, wherein the entry-level mapping object takes precedence 
over the subtree-level mapping object. 

17. (Previously Presented) The method of claim 1 in which a server mapping object and a 
domain mapping object both map a user, wherein the server mapping object takes precedence 
over the domain mapping object. 

18. (Original) The method of claim 1 in which a record is maintained to track mappings to 
the local user schema that provides an audit trail corresponding to the first and second users. 

19. (Original) The method of claim 18 in which the record distinguished between mappings 
for the first and second users. 

20. (Original) The method of claim 1 further comprising the act of creating a local mapping 
at the network node, in which the first user is mapped to the local schema only if the local 
mapping does not contain a mapping for the first user. 

21. (Original) The method of claim 1 further comprising the act of creating a non-shared 
schema at the network node, the local user schema being a shared schema at the network node, in 
which the first user is mapped to the shared schema only if the first user is not mapped to the 
non-shared schema. 

22. (Currently Amended) A computer program product that includes a medium usable by a 
processor, the medium having stored thereon a sequence of instructions which, when executed 
by said processor, causes said processor to execute a process for user schemas in a distributed 
computing system, the process comprising: 

creating a first global user identification for a first user; 
creating a second global user identification for a second user; 

creating a local user schema at a network node, the local user schema comprising an 
account accessible by the first and the second users; 

mapping the first global user identification to the local user schema; 

mapping the second global user identification to the local user schema, wherein the steps 
of mapping are performed without using a user name; 

when the first user logs into the network node, assigning the local user schema to the first 
user with a first user role; 

when the second user logs into the network node, assigning the local user schema to the 
second user with a second user role; and 

wherein the first user and the second user have different privileges on the network node, a 
scope of the privilege for the first user is based at least partially on the first user role, and a scope 
of the privilege for the second user is based at least partially on the second user role. 

23. (Original) The computer program product of claim 22 in which the first and second 
global user identifications are stored in a directory. 

24. (Original) The computer program product of claim 23 in which the directory comprises a 
LDAP directory. 

25. (Original) The computer program product of claim 22 in which the network node is a 
database server. 

26. (Original) The computer program product of claim 22 in which a data object maps the 
first global user identification to the local user schema. 

27. (Original) The computer program product of claim 26 in which the data object 
specifically maps only the first global user identification to the local user schema. 

28. (Original) The computer program product of claim 27 in which the data object maps 
based upon the full distinguished name for the first user. 

29. (Original) The computer program product of claim 26 in which the data object potentially 
maps multiple users to the local user schema. 

30. (Original) The computer program product of claim 29 in which the partial identification 
comprises a partial distinguished name mapping. 

31. (Original) The computer program product of claim 26 in which the data object maps 
based upon a specific computer node. 

32. (Original) The computer program product of claim 31 in which the data object resides in 
a directory beneath an associated server object. 

33. (Original) The computer program product of claim 26 in which the data object maps 
based upon a domain. 

34. (Original) The computer program product of claim 33 in which the data object resides 
beneath a domain object. 

35. (Original) The computer program product of claim 22 in which the first user role and the 
second user role are different. 

36. (Original) The computer program product of claim 22 in which privileges associated with 
the local schema are assigned to the first and second users. 

37. (Original) The computer program product of claim 22 in which an entry-level mapping 
object maps a specific user and in which a subtree-level mapping object potentially maps 
multiple users based upon a partial match of user identifications, wherein the entry-level 
mapping object takes precedence over the subtree-level mapping object. 

38. (Previously Presented) The computer program product of claim 22 in which a server 
mapping object and a domain mapping object both map a user, wherein the server mapping 
object takes precedence over the domain mapping object. 

39. (Original) The computer program product of claim 22 in which a record is maintained to 
track mappings to the local user schema that provides an audit trail corresponding to the first and 
second users. 

40. (Original) The computer program product of claim 39 in which the record distinguished 
between mappings for the first and second users. 

41. (Original) The computer program product of claim 22 further comprising the act of 
creating a local mapping at the network node, in which the first user is mapped to the local 
schema only if the local mapping does not contain a mapping for the first user. 

42. (Original) The computer program product of claim 22 further comprising the act of 
creating a non-shared schema at the network node, the local user schema being a shared schema 
at the network node, in which the first user is mapped to the shared schema only if the first user 
is not mapped to the non-shared schema. 

43. (Currently Amended) A system for managing user schemas in a distributed computing 
system, the method comprising: 

means for creating a first global user identification for a first user; 

means for creating a second global user identification for a second user; 

means for creating a local user schema at a network node, the local user schema 
comprising an account accessible by the first and the second users; 

means for mapping the first global user identification to the local user schema; 

means for mapping the second global user identification to the local user schema, 
wherein the steps of mapping are performed without using a user name; 

means for assigning the local user schema to the first user with a first user role when the 
first user logs into the network node; 

means for assigning the local user schema to the second user with a second user role 
when the second user logs into the network node; and 

wherein the first user and the second user have different privileges on the network node, a 
scope of the privilege for the first user is based at least partially on the first user role, and a scope 
of the privilege for the second user is based at least partially on the second user role. 

44. (Previously Presented) The system of claim 43, further comprising a directory for storing 
the first and the second global user identifications. 

45. (Previously Presented) The system of claim 43, wherein the network node is a database 
server. 

46. (Previously Presented) The system of claim 43, wherein the first user role and the second 
user role are different. 

47. (Previously Presented) The system of claim 43, further comprising means for creating a 
local mapping at the network node. 

48. (Previously Presented) The system of claim 43, further comprising means for creating a 
non-shared schema at the network node. 

49. (Previously Presented) The method of claim 1, wherein the scope of privilege for the first 
user and the scope of privilege for the second user are based also on the local user schema. 

50. (Previously Presented) The computer program product of claim 22, wherein the scope of 
privilege for the first user and the scope of privilege for the second user are based also on the 
local user schema. 

51. (Previously Presented) The system of claim 43, wherein the scope of privilege for the 
first user and the scope of privilege for the second user are based also on the local user schema. 

52. (New) The method of claim 1, wherein the steps of mapping are performed using a partial 
distinguished name. 

53. (New) The method of claim 1, wherein the user name comprises a common name that is a 
component of a distinguished name. 

54. (New) The computer program product of claim 22, wherein the steps of mapping are 
performed using a partial distinguished name. 

55. (New) The computer program product of claim 22, wherein the user name comprises a 
common name that is a component of a distinguished name. 

56. (New) The system of claim 43, wherein the steps of mapping are performed using a 
partial distinguished name. 

57. (New) The system of claim 43, the user name comprises a common name that is a 
component of a distinguished name. 